Privacy Policy

Effective date: February 10, 2026 · Expense scan

Introduction

Welcome. Expense scan ("we", "us", or "our") is an OCR-powered receipt and expense scanner that extracts data from physical receipts, categorizes business spending, and exports monthly financial summaries as local spreadsheets. This Privacy Policy explains what information we collect when you use our app, how we use and protect it, and the choices available to you.

Information we collect

To provide our receipt scanning and expense reporting services we collect the following types of information when you register or interact with the app:

Identity & contact: your full name, email address, and phone number (optional).
Verification data: email address and one-time passcode (OTP) used for account verification; timestamps of verification events.
Receipt images & OCR data: photos or scans of receipts and the text extracted from them (merchant name, transaction date, total, tax amounts, line items, and any recognizable payment method details where available).
Expense metadata: categories, project or client associations (if you provide them), tags, notes, and any fields you enter when reviewing or editing an expense.
Exports & files: summaries and spreadsheets you generate; unless you explicitly store them with our cloud backup feature, exported files remain on your device only.
Technical data: device type, operating system version, app version, and crash reports (sent only if you opt in to diagnostic reporting).

How we use your information

We use collected information for the following purposes:

To create and verify user accounts (email + OTP verification) and to prevent fraud.
To extract and categorize receipt data using OCR so you can review, tag, and report on expenses.
To generate aggregated summaries and exports (local spreadsheets) and to deliver features you request.
To communicate important information such as account notifications, export-ready reports, feature updates, and support replies.
To provide, improve, and troubleshoot the app (including optional diagnostic reports if you enable them).
To comply with legal obligations and to enforce our terms and policies.

Third-party service providers

We work with trusted third-party service providers who perform services on our behalf and may process personal data to support the app. These include:

OCR and document-processing providers that help convert receipt images into structured data (some processing may occur on provider servers).
Payment processors for handling subscription payments and invoicing (if applicable).
Email and SMS providers for sending verification codes (OTP), notifications and account communications.
Cloud hosting providers that store encrypted backups and app data (only if you enable cloud backup).
Optional analytics or crash reporting tools (only if you opt in to diagnostics).

We require these providers to process data only on our instructions and to maintain appropriate security measures. We do not sell personal information to third parties.

Security

We implement reasonable administrative, technical, and physical safeguards to protect personal data. Examples include encrypted storage, access controls, and transport-layer security (HTTPS). OCR providers and cloud hosting partners are contractually required to protect data. However, no method of transmission or storage is completely secure; if a data breach affecting personal data occurs, we will notify affected users and regulators as required by law.

Children’s privacy

Expense scan is intended for business and professional use and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have collected personal information about a child in error, contact us and we will take steps to remove it.

Your rights

Subject to applicable law, you may have the right to:

Access the personal information we hold about you.
Request correction of inaccurate or incomplete personal information.
Request deletion of personal information (subject to legal retention requirements).
Object to or restrict certain processing, or request portability of data where applicable.

To exercise these rights, please contact us at the email below. We will verify requests to protect data security and respond within applicable timeframes.

Cookies & tracking

We do not use tracking cookies within the app by default. If the website or app implements cookies, we will disclose their use and obtain consent where required. Diagnostic or analytics tools (if enabled) may use non-identifying cookies; you can opt out where such choices are provided.

Changes to this policy

We may update this Privacy Policy occasionally. When we do, we will update the "Effective date" at the top of this page. Significant changes will be communicated where feasible.

Contact & responsible party

If you have questions or wish to exercise your rights, contact us at:

ping@willgibbins.com

This policy is a general-purpose summary. If you'd like a version tailored for a specific jurisdiction (for example, GDPR or CCPA), a printable PDF, or help with a data request, contact us and we'll assist.

Data retention & account deletion

We retain account and receipt data while an account is active to provide services. After an account becomes inactive, we retain personal data for up to 2 years from the date of last activity to allow for reactivation and legal obligations, unless a longer retention period is required by law. Note: some financial records (for example, receipts required for tax purposes) may be retained up to 7 years when required by applicable law.

If you would like your account and associated personal data deleted sooner, you may request deletion. Deletion requests are processed promptly and typically completed within 7 working days. To request deletion, follow our deletion page:

Request account deletion and data removal